[Israel.pm] perl memory and buffer overflows

Gaal Yahas gaal at forum2.org
Sun Dec 26 22:43:15 PST 2004


amit sides wrote:
> im not looking for a big bugs in the general perl interpreter...just
> wanna know about possible bugs that can be
> by my programing ...and poeple that can use to buffer overflow my
> code....i see a lot of exploits out there that use
> to buffer overflow open source programs like 'open webmail', 'webmin',
> etc...
> what is this shell code that they send mean then ?

This is no longer on-topic for perl-il, so I'll be brief:

The idea with overrun exploits is that as a user, you get to overwrite a
part of the memory image of a program with data you had carefully
constructed yourself. Since with computers data can be code, you can get
the program to run anything you want it to, with its own permissions. So
if you're doing this on a remote machine you don't have regular shell
access to, you could open a remote back door, or run remote commands. Or
if you're doing it on a local machine, but you don't have permissions
that the process you're attacking does, you can steal those permissions.

Shell code refers to code (machine code, almost always) that starts up
an interactive shell. Since this is simple code in itself and is yet
pretty powerful, it is usually what attackers put at the bottom bit of
their overwriting data.

Google "stack smashing for fun and profit" for more info.


And to turn this back to Perl: It is much easier to attack a CGI written
in Perl by feeding it data which fools the interpreter to run things,
*not* by overwriting buffers, but by playing with shell escapes. This is
as real a risk as c buffer overruns. Read the perlsec manual page for
the skinny on that.

Gaal



More information about the Perl mailing list